Export limit exceeded: 344151 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344151 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344151 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49193 | 1 Sick | 6 Baggage Analytics, Field Analytics, Logistic Diagnostic Analytics and 3 more | 2026-01-26 | 4.2 Medium |
| The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks). | ||||
| CVE-2025-30649 | 1 Juniper | 5 Junos, Mx-spc3, Mx240 and 2 more | 2026-01-26 | 7.5 High |
| An Improper Input Validation vulnerability in the syslog stream TCP transport of Juniper Networks Junos OS on MX240, MX480 and MX960 devices with MX-SPC3 Security Services Card allows an unauthenticated, network-based attacker, to send specific spoofed packets to cause a CPU Denial of Service (DoS) to the MX-SPC3 SPUs. Continued receipt and processing of these specific packets will sustain the DoS condition. This issue affects Junos OS: * All versions before 22.2R3-S6, * from 22.4 before 22.4R3-S4, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R1-S2, 24.2R2 An indicator of compromise will indicate the SPC3 SPUs utilization has spiked. For example: user@device> show services service-sets summary Service sets CPU Interface configured Bytes used Session bytes used Policy bytes used utilization "interface" 1 "bytes" (percent%) "sessions" ("percent"%) "bytes" ("percent"%) 99.97 % OVLD <<<<<< look for high CPU usage | ||||
| CVE-2025-49194 | 1 Sick | 1 Media Server | 2026-01-26 | 7.5 High |
| The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic between a client and this server, the credentials would be exposed. | ||||
| CVE-2025-49195 | 1 Sick | 1 Media Server | 2026-01-26 | 5.3 Medium |
| The FTP server’s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromising the FTP server. | ||||
| CVE-2025-49196 | 1 Sick | 1 Field Analytics | 2026-01-26 | 6.5 Medium |
| A service supports the use of a deprecated and unsafe TLS version. This could be exploited to expose sensitive information, modify data in unexpected ways or spoof identities of other users or devices, affecting the confidentiality and integrity of the device. | ||||
| CVE-2025-49197 | 1 Sick | 1 Media Server | 2026-01-26 | 6.5 Medium |
| The application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user account. | ||||
| CVE-2025-49198 | 1 Sick | 1 Media Server | 2026-01-26 | 3.1 Low |
| The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens. | ||||
| CVE-2025-49199 | 1 Sick | 1 Field Analytics | 2026-01-26 | 8.8 High |
| The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. This allows the attacker to disrupt the application by configuring the services in a way that they are unable to run, making the application unusable. They can redirect traffic that is meant to be internal to their own hosted services and gathering information. | ||||
| CVE-2025-49200 | 1 Sick | 1 Field Analytics | 2026-01-26 | 6.5 Medium |
| The created backup files are unencrypted, making the application vulnerable for gathering sensitive information by downloading and decompressing the backup files. | ||||
| CVE-2025-6089 | 1 Astuntechnology | 1 Ishare Maps | 2026-01-26 | 4.3 Medium |
| A vulnerability has been found in Astun Technology iShare Maps 5.4.0 and classified as problematic. This vulnerability affects unknown code of the file atCheckJS.aspx. The manipulation of the argument ref leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-56110 | 1 Ruijie | 2 Rg-bcr860, Rg-bcr860 Firmware | 2026-01-26 | 8.8 High |
| OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_deal_update in file /usr/lib/lua/luci/controller/api/rcmsAPI.lua. | ||||
| CVE-2025-39201 | 1 Hitachienergy | 1 Microscada X Sys600 | 2026-01-26 | 6.1 Medium |
| A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service. | ||||
| CVE-2025-39202 | 1 Hitachienergy | 1 Microscada X Sys600 | 2026-01-26 | 7.3 High |
| A vulnerability exists in in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can see and overwrite files causing information leak and data corruption. | ||||
| CVE-2025-39203 | 1 Hitachienergy | 1 Microscada X Sys600 | 2026-01-26 | 6.5 Medium |
| A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop. | ||||
| CVE-2025-39204 | 1 Hitachienergy | 1 Microscada X Sys600 | 2026-01-26 | 6.5 Medium |
| A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user. | ||||
| CVE-2025-52952 | 2 Juniper, Juniper Networks | 35 2x100ge \+ 4x10ge Mpc5e, 2x100ge \+ 4x10ge Mpc5eq, 2x100ge \+ 8x10ge Mpc4e and 32 more | 2026-01-26 | 6.5 Medium |
| An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN, MPC1 through MPC9 line cards allows an unauthenticated adjacent attacker to send a malformed packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS: * All versions before 22.2R3-S1, * from 22.4 before 22.4R2. This feature is not enabled by default. | ||||
| CVE-2025-11198 | 1 Juniper | 3 Junos, Security Director Policy Enforcer, Space Security Director | 2026-01-26 | 7.4 High |
| A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. If a trusted user initiates deployment, Security Director Policy Enforcer will deliver the attacker's uploaded image to VMware NSX instead of a legitimate one. This issue affects Security Director Policy Enforcer: * All versions before 23.1R1 Hotpatch v3. This issue does not affect Junos Space Security Director Insights. | ||||
| CVE-2024-47507 | 1 Juniper | 3 Junos, Junos Evolved, Junos Os Evolved | 2026-01-26 | 5.8 Medium |
| An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an integrity impact to the downstream devices. When a peer sends a BGP update message which contains the aggregator attribute with an ASN value of zero (0), rpd accepts and propagates this attribute, which can cause issues for downstream BGP peers receiving this. This issue affects: Junos OS: * All versions before 21.4R3-S6, * 22.2 versions before 22.2R3-S3, * 22.4 versions before 22.4R3; Junos OS Evolved: * All versions before 21.4R3-S7-EVO, * 22.2 versions before 22.2R3-S4-EVO, * 22.4 versions before 22.4R3-EVO. | ||||
| CVE-2024-47506 | 2 Juniper, Juniper Networks | 19 Junos, Srx1500, Srx1600 and 16 more | 2026-01-26 | 5.9 Medium |
| A Deadlock vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a large amount of traffic is processed by ATP Cloud inspection, a deadlock can occur which will result in a PFE crash and restart. Whether the crash occurs, depends on system internal timing that is outside the attackers control. This issue affects Junos OS on SRX Series: * All versions before 21.3R3-S1, * 21.4 versions before 21.4R3, * 22.1 versions before 22.1R2, * 22.2 versions before 22.2R1-S2, 22.2R2. | ||||
| CVE-2024-47504 | 1 Juniper | 4 Junos, Srx5400, Srx5600 and 1 more | 2026-01-26 | 7.5 High |
| An Improper Validation of Specified Type of Input vulnerability in the packet forwarding engine (pfe) Juniper Networks Junos OS on SRX5000 Series allows an unauthenticated, network based attacker to cause a Denial of Service (Dos). When a non-clustered SRX5000 device receives a specifically malformed packet this will cause a flowd crash and restart. This issue affects Junos OS: * 22.1 releases 22.1R1 and later before 22.2R3-S5, * 22.3 releases before 22.3R3-S4, * 22.4 releases before 22.4R3-S4, * 23.2 releases before 23.2R2-S2, * 23.4 releases before 23.4R2-S1, * 24.2 releases before 24.2R1-S1, 24.2R2. Please note that the PR does indicate that earlier versions have been fixed as well, but these won't be adversely impacted by this. | ||||